Lucene search
+L

13 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 8:33 p.m.6 views

CVE-2026-52813

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
SUSE Linux
SUSE Linux
added 2026/01/22 9:7 a.m.8 views

Security update for python3

This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc1244060...

8.4CVSS7.2AI score0.27095EPSS
Exploits16References26
Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.9 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References5
OSV
OSV
added 2025/07/10 9:2 a.m.15 views

BIT-PYTHON-MIN-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS9.7AI score0.01227EPSS
Exploits11References13
OSV
OSV
added 2025/06/24 7:26 a.m.7 views

SUSE-SU-2025:02074-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: - CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4516: use-after-free in the unicode-escape decoder when...

9.4CVSS8.7AI score0.0188EPSS
Exploits14References21
RedhatCVE
RedhatCVE
added 2025/06/03 2:54 p.m.14 views

CVE-2025-4517

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

9.4CVSS6.7AI score0.01227EPSS
Exploits11References9
OSV
OSV
added 2025/06/03 1:15 p.m.10 views

ALPINE-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS8AI score0.01227EPSS
Exploits11References1
NVD
NVD
added 2025/06/03 1:15 p.m.14 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS0.01227EPSS
Exploits11References12
OSV
OSV
added 2025/06/03 12:58 p.m.8 views

CVE-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.3AI score0.01227EPSS
Exploits11References15
CVE
CVE
added 2025/06/03 12:58 p.m.1214 views

CVE-2025-4517

CVE-2025-4517 concerns the tarfile module: when extracting untrusted tar archives using TarFile.extractall() or TarFile.extract() with filter set to "data" (or "tar"), it allows arbitrary filesystem writes outside the extraction directory. The description and connected advisories confirm this is ...

9.4CVSS9.7AI score0.01227EPSS
Exploits11References12
AlpineLinux
AlpineLinux
added 2025/06/03 12:58 p.m.13 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.7AI score0.01227EPSS
Exploits11
OSV
OSV
added 2022/04/28 9:16 p.m.65 views

GHSA-CVX5-M8VG-VXGC Arbitrary filesystem write access from velocity.

Impact The velocity scripts is not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Now writing an attacking script in velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which...

7.5CVSS5.8AI score0.01476EPSS
Exploits1References6
ClickHouse
ClickHouse
added 2019/09/10 12:0 a.m.13 views

CVE-2019-15024

Аn attacker that has write access to ZooKeeper and who can run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the...

6.5CVSS5.6AI score0.00949EPSS
Exploits0
Rows per page
Query Builder